Log in

Windows Clients

If you are logging into your server from Windows you can use a terminal application called PuTTY. Simply do a Google search for it and you will find where to download it.

Mac / Linux Clients

Simply type the command below in a Terminal window to log in:

# ssh root@12.34.56.78

If this is a reinstall you may have to delete your ~/.ssh/known_hosts file. Please refer to your operating system's documentation on how to resolve this.

User administration

Now that we're logged in to the VPS, immediately change the root password:

# passwd

Add an admin user (I've used the name demo here but any name will do).

# adduser demo

You'll be prompted for the password as well as basic user information.

As you know, we never log in as the root user (this initial setup is the only time you would need to log in as root). As such, the main administration user (demo) needs to have sudo (Super User) privileges so that they can complete administrative tasks after entering their password.

To do this, we're going to add the main user to the 'sudo' group. Once that is done, we need to edit the 'sudoers' file, using visudo, and ensure the 'sudo' group has the correct privileges.

So firstly, add the user to the sudo group:

# usermod -a -G sudo demo

Next, run the 'visudo' command:

# visudo

Near the bottom of the file you will see this group of text:

# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
# %sudo ALL=NOPASSWD: ALL

Simply add the following line just under the text above:

## Allows people in group sudo to run all commands
%sudo ALL=(ALL) ALL

Save the file by pressing CTRL-X on your keyboard, followed by Y and Enter. Members of the 'sudo' group now have full sudo privileges. You can test this by opening another SSH session, logging in as the demo user, and trying to get a root shell prompt by typing sudo su - and pressing Enter. You will be prompted for the demo password.

Updating Apt

Ubuntu comes with a fully functional package manager called Apt, or apt-get. Ubuntu can also use a program called Aptitude, but it's not always installed on Ubuntu by default.

The first thing we'll need to do is update our cache by running the following command:

# apt-get update

Once you have been returned to the console you'll need to upgrade the packages on your server to keep it secure. Run the following command to upgrade your packages:

The following steps will set up each part of a basic firewall configuration. Once we have all of the rules applied we'll save the rules and set them to start up at boot.

Allow established connections

The first thing we need to do is allow any established traffic to come into the server. This will allow our SSH traffic to continue functioning while we work on our firewall. Type the following command:

# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Allow SSH traffic

Next we need to include a rule to enable SSH traffic. Type the following rule to allow incoming SSH connections:

# iptables -A INPUT -p tcp --dport ssh -j ACCEPT

If we were to look at our rules at this point by typing iptables -L we would see something like this:

Saving your rules

Now that we have a basic firewall configuration we need to go ahead and save it. The command iptables-save will save your iptables configuration. By default it sends its output to the console, so we need to redirect it to a file. Type the following to save the rules to /etc/iptables.rules:

# iptables-save > /etc/iptables.rules

Set your rules to apply at boot

Finally, we need to make sure that our iptables rules are applied when we boot up the server. The method that Ubuntu suggests is to apply them in your interfaces file, but because of the tight integration with our Control Panel we do not recommend that. Our suggested method is to create a service that applies the rules.

To create the startup service file type the following command:

# nano /etc/network/if-pre-up.d/iptaload

You'll see the nano text editor load up. Paste in the following text:

#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0

Save the file by pressing CTRL-X, then Y and Enter.
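
As an added example (not part of the original guide), the shell function below checks a file in iptables-save format, such as /etc/iptables.rules, before it is restored at boot. It looks for the two ACCEPT rules added above and a closing COMMIT and, going slightly beyond the page, reports an unconditional DROP or REJECT that sits ahead of the SSH rule. The function name check_rules and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): offline sanity check for a file
# in iptables-save format, e.g. /etc/iptables.rules, before it is restored.
# Usage: check_rules FILE   (or pipe the rules on stdin)
# Prints one finding per line; returns 0 only when there are none.
check_rules() {
    awk '
        /^\*/        { table = substr($0, 2) }            # "*filter" opens a table
        /^COMMIT$/   { if (table == "filter") committed = 1; table = "" }
        table != "filter" || !/^-A INPUT / { next }       # only filter/INPUT rules
        { n++ }                                           # position in the chain
        / --(ct)?state [A-Z,]*ESTABLISHED/ && / -j ACCEPT/ { est = 1; next }
        / -p tcp / && / --dport (22|ssh)( |$)/ && / -j ACCEPT/ { if (!ssh) ssh = n; next }
        /^-A INPUT -j (DROP|REJECT)/ { if (!block) block = n }   # no match criteria
        END {
            if (!committed) { print "filter table missing or not closed by COMMIT"; bad = 1 }
            if (!est) { print "no ACCEPT rule for ESTABLISHED traffic in INPUT"; bad = 1 }
            if (!ssh) { print "no ACCEPT rule for tcp port 22 in INPUT"; bad = 1 }
            if (ssh && block && block < ssh) {
                print "INPUT rule " block " drops everything before the SSH rule (rule " ssh ")"
                bad = 1
            }
            exit bad + 0
        }
    ' "${1:--}"
}

# Constructed sample: what iptables-save emits after the two rules on this page
# (it writes the port number instead of "ssh" and reorders the state list).
GOOD_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed sample: blanket DROP ahead of SSH, file cut off before COMMIT.
BAD_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

printf '%s\n' "$GOOD_RULES" | check_rules && echo "good sample: ok"
printf '%s\n' "$BAD_RULES" | check_rules || echo "bad sample: rejected"
```

Run it against the saved file with check_rules /etc/iptables.rules; the check only reads the file and never touches the live firewall.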

Next we need to create a service that will run when the server is shut down. This file will save our rules so any changes we have made will be applied at next boot. Type the following to create the service file: